Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-02-06 | CVE-2001-1371 | Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | 7.5 |
| 2001-12-21 | CVE-2001-1216 | Buffer Overflow vulnerability in Oracle Application Server 1.0.2 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | 7.5 |
| 2001-12-06 | CVE-2001-0836 | Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
| 2001-12-06 | CVE-2001-0833 | Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | 7.2 |
| 2001-08-31 | CVE-2001-0943 | Unspecified vulnerability in Oracle Database Server 8.0.5/8.1.5 dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | 7.2 |
| 2001-08-22 | CVE-2001-0591 | Unspecified vulnerability in Oracle Application Server and JSP Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | 7.5 |
| 2001-08-14 | CVE-2001-0528 | Unspecified vulnerability in Oracle E-Business Suite 11I Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. | 7.2 |
| 2001-07-17 | CVE-2001-0974 | Unspecified vulnerability in Oracle Internet Directory 2.1.1/3.0.1 Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |
| 2001-07-16 | CVE-2001-1321 | Denial-Of-Service vulnerability in Internet Directory 2.1.1/3.0.1 Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |
| 2001-07-16 | CVE-2001-0975 | Buffer Overflow vulnerability in Oracle Internet Directory 2.1.1/3.0.1 Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |